CWE-601

GPTKB entity

Statements (21)
Predicate Object
gptkbp:instance_of gptkb:Common_Weakness_Enumeration
gptkbp:category Improper Input Validation
gptkbp:consequences User redirection to a malicious site.
gptkbp:description A weakness that allows an attacker to redirect users to a malicious site.
gptkbp:difficulty_levels gptkb:medium
gptkbp:example Redirecting to a URL based on user input without validation.
gptkbp:has_enemies gptkb:Web
gptkbp:has_weakness gptkb:CWE-601
https://www.w3.org/2000/01/rdf-schema#label CWE-601
gptkbp:impact Phishing attacks
Malware distribution
gptkbp:is_referenced_in gptkb:SANS_Top_25
gptkb:NIST_SP_800-53
gptkb:OWASP_Top_Ten
gptkbp:name URL Redirection to Untrusted Site ('Open Redirect')
gptkbp:prevention Use a whitelist of allowed URLs
Validate redirect URLs
gptkbp:related_to gptkb:CWE-601
gptkb:CWE-20
gptkbp:bfsParent gptkb:CWE-20
gptkbp:bfsLayer 7